community.mongodb.mongodb_user (1.7.3) — module

Adds or removes a user from a MongoDB database

Added in version 1.0.0 of community.mongodb

Authors: Elliott Foster (@elliotttf), Julien Thebault (@Lujeni)

Install collection

Install with ansible-galaxy collection install community.mongodb:==1.7.3


Add to requirements.yml

  collections:
    - name: community.mongodb
      version: 1.7.3

Description

Adds or removes a user from a MongoDB database.


Requirements

Usage examples

- name: Create 'burgers' database user with name 'bob' and password '12345'.
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    password: 12345
    state: present
- name: Create a database user via SSL (MongoDB must be compiled with the SSL option and configured properly)
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    password: 12345
    state: present
    ssl: True
- name: Delete 'burgers' database user with name 'bob'.
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    state: absent
- name: Define more users with various specific roles (if not defined, no roles are assigned, and the user will be added via pre mongo 2.2 style)
  community.mongodb.mongodb_user:
    database: burgers
    name: ben
    password: 12345
    roles: read
    state: present
- name: Define roles
  community.mongodb.mongodb_user:
    database: burgers
    name: jim
    password: 12345
    roles: readWrite,dbAdmin,userAdmin
    state: present
- name: Define roles
  community.mongodb.mongodb_user:
    database: burgers
    name: joe
    password: 12345
    roles: readWriteAnyDatabase
    state: present
- name: Add a user to database in a replica set, the primary server is automatically discovered and written to
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    replica_set: belcher
    password: 12345
    roles: readWriteAnyDatabase
    state: present
# add a user 'oplog_reader' with read only access to the 'local' database on the replica_set 'belcher'. This is useful for oplog access (MONGO_OPLOG_URL).
# please notice the credentials must be added to the 'admin' database because the 'local' database is not synchronized and can't receive user credentials
# To login with such user, the connection string should be MONGO_OPLOG_URL="mongodb://oplog_reader:oplog_reader_password@server1,server2/local?authSource=admin"
# This syntax requires mongodb 2.6+ and pymongo 2.5+
- name: Roles as a dictionary
  community.mongodb.mongodb_user:
    login_user: root
    login_password: root_password
    database: admin
    user: oplog_reader
    password: oplog_reader_password
    state: present
    replica_set: belcher
    roles:
      - db: local
        role: read
- name: Adding a user with X.509 Member Authentication
  community.mongodb.mongodb_user:
    login_host: "mongodb-host.test"
    login_port: 27001
    login_database: "$external"
    database: "admin"
    name: "admin"
    password: "test"
    roles:
    - dbAdminAnyDatabase
    ssl: true
    ssl_ca_certs: "/tmp/ca.crt"
    ssl_certfile: "/tmp/tls.key" #cert and key in one file
    state: present
    auth_mechanism: "MONGODB-X509"
    connection_options:
     - "tlsAllowInvalidHostnames=true"

Inputs

    
ssl:
    aliases:
    - tls
    default: false
    description:
    - Whether to use an SSL connection when connecting to the database.
    required: false
    type: bool

name:
    aliases:
    - user
    description:
    - The name of the user to add or remove.
    required: true
    type: str

roles:
    description:
    - 'The database user roles. Valid values are one or more of the following strings:
      ''read'', ''readWrite'', ''dbAdmin'', ''userAdmin'', ''clusterAdmin'', ''readAnyDatabase'',
      ''readWriteAnyDatabase'', ''userAdminAnyDatabase'', ''dbAdminAnyDatabase''.'
    - 'Or the following dictionary ''{ db: DATABASE_NAME, role: ROLE_NAME }''.'
    - This param requires pymongo 2.5+. If it is a string, mongodb 2.4+ is also required.
      If it is a dictionary, mongo 2.6+ is required.
    elements: raw
    type: list

state:
    choices:
    - absent
    - present
    default: present
    description:
    - The database user state.
    type: str

database:
    aliases:
    - db
    description:
    - The name of the database to add/remove the user from.
    required: true
    type: str

password:
    aliases:
    - pass
    description:
    - The password to use for the user.
    type: str

atlas_auth:
    default: false
    description:
    - Authentication path intended for MongoDB Atlas Instances
    type: bool

login_host:
    default: localhost
    description:
    - The host running MongoDB instance to login to.
    required: false
    type: str

login_port:
    default: 27017
    description:
    - The MongoDB server port to login to.
    required: false
    type: int

login_user:
    description:
    - The MongoDB user to login with.
    - Required when I(login_password) is specified.
    required: false
    type: str

replica_set:
    description:
    - Replica set to connect to (automatically connects to primary for writes).
    type: str

ssl_crlfile:
    description:
    - The ssl_crlfile option takes a path to a CRL file.
    required: false
    type: str

ssl_keyfile:
    description:
    - Private key for the client certificate.
    required: false
    type: str

ssl_ca_certs:
    aliases:
    - tlsCAFile
    description:
    - The ssl_ca_certs option takes a path to a CA file.
    required: false
    type: str

ssl_certfile:
    aliases:
    - tlsCertificateKeyFile
    description:
    - Present a client certificate using the ssl_certfile option.
    required: false
    type: str

ssl_cert_reqs:
    aliases:
    - tlsAllowInvalidCertificates
    choices:
    - CERT_NONE
    - CERT_OPTIONAL
    - CERT_REQUIRED
    default: CERT_REQUIRED
    description:
    - Specifies whether a certificate is required from the other side of the connection,
      and whether it will be validated if provided.
    required: false
    type: str

auth_mechanism:
    choices:
    - SCRAM-SHA-256
    - SCRAM-SHA-1
    - MONGODB-X509
    - GSSAPI
    - PLAIN
    description:
    - Authentication type.
    required: false
    type: str

login_database:
    default: admin
    description:
    - The database where login credentials are stored.
    required: false
    type: str

login_password:
    description:
    - The password used to authenticate with.
    - Required when I(login_user) is specified.
    required: false
    type: str

update_password:
    choices:
    - always
    - on_create
    default: always
    description:
    - C(always) will always update passwords and cause the module to return changed.
    - C(on_create) will only set the password for newly created users.
    - This must be C(always) to use the localhost exception when adding the first admin
      user.
    - This option is effectively ignored when using x.509 certs. It is defaulted to 'on_create'
      to maintain a specific module behaviour when the login_database is '$external'.
    type: str

connection_options:
    description:
    - Additional connection options.
    - Supply as a list of dicts or strings containing key value pairs separated with '='.
    elements: raw
    required: false
    type: list

ssl_pem_passphrase:
    aliases:
    - tlsCertificateKeyFilePassword
    description:
    - Passphrase to decrypt encrypted private keys.
    required: false
    type: str

strict_compatibility:
    default: true
    description:
    - Enforce strict requirements for pymongo and MongoDB software versions
    type: bool

create_for_localhost_exception:
    description:
    - This parameter is only useful for handling special treatment around the localhost
      exception.
    - If C(login_user) is defined, then the localhost exception is not active and this
      parameter has no effect.
    - If this file is NOT present (and C(login_user) is not defined), then touch this
      file after successfully adding the user.
    - If this file is present (and C(login_user) is not defined), then skip this task.
    type: path
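
The update_password and create_for_localhost_exception inputs described above, combined with the TLS and roles inputs, as an added example that is not taken from the collection's own documentation. It bootstraps the first admin through the localhost exception, then creates an application user with a role scoped to one database over verified TLS, in contrast to the literal passwords, /tmp key paths and tlsAllowInvalidHostnames=true used in the usage examples. The vault_* variable names, the marker file path and the CA path are assumptions.

```yaml
# Added example. The vault_* variables, the marker file and the CA path are
# assumptions; substitute the names used in your own inventory.
- name: Bootstrap the first admin user through the localhost exception
  community.mongodb.mongodb_user:
    database: admin
    name: admin
    password: "{{ vault_mongodb_admin_password }}"  # kept in Ansible Vault, not in the play
    roles:
      - userAdminAnyDatabase
    update_password: always  # must be 'always' to use the localhost exception
    # Marker file: touched after the user is added, and the task is skipped
    # on later runs while it exists (login_user is deliberately not set here).
    create_for_localhost_exception: /var/lib/mongodb/.first_admin_created
    state: present
  no_log: true  # keep the password out of task output and logs

- name: Create an application user limited to one database, over verified TLS
  community.mongodb.mongodb_user:
    login_host: mongodb-host.test
    login_user: admin
    login_password: "{{ vault_mongodb_admin_password }}"
    login_database: admin
    auth_mechanism: SCRAM-SHA-256
    ssl: true
    ssl_ca_certs: /etc/pki/mongodb/ca.crt
    ssl_cert_reqs: CERT_REQUIRED  # module default, stated explicitly
    database: burgers
    name: bob
    password: "{{ vault_burgers_bob_password }}"
    roles:
      - db: burgers
        role: readWrite  # scoped to one database instead of readWriteAnyDatabase
    update_password: on_create  # do not reset the password on every run
    state: present
  no_log: true
```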

Outputs

user:
  description: The name of the user to add or remove.
  returned: success
  type: str